Loader[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Loader.exe
Size

4.2MB
MD5

2db28e5f36dd099637f02c585f8eface
SHA1

fffac4ce6772de4daaa83dbb6aeeb0c204ad5b1a
SHA256

655a1fa20693b04e9a98e9717af40e55e922e3de857873a8c29e1ec6e34daf61
SHA512

edaa05b2d871f5f743f56568e218552e046da14641f169eccb46b52bb609cb3800304999180d4f399b8b0d34a81d1d2e15edcd5842f7ae37d4a3de222ea39be5
SSDEEP

98304:y2stUMSusSQXcmhuLU1E0Ih6ra4CJ37iIb1o:ylSujQMmhIUOZ0S7iC1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Loader.exe

Files

Loader.exe
.exe windows:5 windows x64 arch:x64

d67ecaba6d3ca8c0eb3ece2d2e04d054

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetVersionExW
GetVersion
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

ole32

CLSIDFromProgID

version

GetFileVersionInfoSizeW

user32

CharUpperBuffW

oleaut32

SysFreeString

netapi32

NetWkstaGetInfo

advapi32

RegQueryValueExW

Exports

Exports

TMethodImplementationIntercept
__dbk_fcall_wrapper
dbkFCallWrapperAddr

Sections

.text
Size: - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 50KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: - Virtual size: 658B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: - Virtual size: 584B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: - Virtual size: 109B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.M^!
Size: - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.|#F
Size: - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.xTH
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.%IH
Size: 4.2MB - Virtual size: 4.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d67ecaba6d3ca8c0eb3ece2d2e04d054

Headers

File Characteristics

Imports

kernel32

ole32

version

user32

oleaut32

netapi32

advapi32

Exports

Exports

Sections

.text Size: - Virtual size: 1.5MB

.data Size: - Virtual size: 160KB

.bss Size: - Virtual size: 50KB

.idata Size: - Virtual size: 4KB

.didata Size: - Virtual size: 658B

.edata Size: - Virtual size: 152B

.tls Size: - Virtual size: 584B

.rdata Size: - Virtual size: 109B

.M^! Size: - Virtual size: 81KB

.pdata Size: - Virtual size: 99KB

.|#F Size: - Virtual size: 2.2MB

.xTH Size: 3KB - Virtual size: 3KB

.%IH Size: 4.2MB - Virtual size: 4.2MB

.text
Size: - Virtual size: 1.5MB

.data
Size: - Virtual size: 160KB

.bss
Size: - Virtual size: 50KB

.idata
Size: - Virtual size: 4KB

.didata
Size: - Virtual size: 658B

.edata
Size: - Virtual size: 152B

.tls
Size: - Virtual size: 584B

.rdata
Size: - Virtual size: 109B

.M^!
Size: - Virtual size: 81KB

.pdata
Size: - Virtual size: 99KB

.|#F
Size: - Virtual size: 2.2MB

.xTH
Size: 3KB - Virtual size: 3KB

.%IH
Size: 4.2MB - Virtual size: 4.2MB